
Managing the Complexities of a Zero Trust Architecture

Image Credit: US Signal

The Fast Mode spoke to Trevor Bidle, Chief Information Security Officer at US Signal on the impact of traffic visibility on ZTNA networks. Trevor joins us in a series of discussions with leading cybersecurity and networking vendors, assessing the evolution of ZTNA technologies, the roadmap for ZTNA deployments, the benefits of ZTNA for enterprise and telco networks, and the need for real-time traffic visibility technologies such as DPI for ZTNA.

Ariana: What challenges do you see across ZTNA deployments?

Trevor: Deploying Zero Trust Network Access (ZTNA) architectures presents a set of challenges that many of our customers have to navigate. Conceptually, ZTNA is easy to understand, but tactically, challenges stem from the fundamental shift in approach that Zero Trust represents, moving away from the traditional perimeter-based security model.

When discussing ZTNA with IT Directors and CIOs, the most common challenges they share are:

  • Cultural and Organizational Change: Implementing ZTNA often requires a significant shift in the organizational culture and mindset. Obtaining buy-in from security practitioners within an organization, and helping them understand that ZTNA improves on the foundation they have built, is key. Firewalls were king in traditional enterprise security architectures, and supporting security practices for endpoint and identity were siloed. Employees and management must adapt to the "never trust, always verify" philosophy, which integrates these disciplines into one management plane; this can be a departure from their usual way of working.
  • Complexity in Implementation: Zero Trust can be complex to implement, especially in organizations that must continue to support legacy systems and traditional network setups. Adopting ZTNA involves more than buying or implementing one product. Configurations and deployments for every on-premises, cloud-based, and SaaS application may need to be addressed. IT leaders are often faced with scope creep and with not having a clear path to achieve their desired strategic security goals.
  • Legacy Systems and Applications: Many organizations have legacy systems that are not designed for Zero Trust architectures. Adapting these systems to be compatible with ZTNA principles or replacing them can be costly and time-consuming. Working with an experienced ZTNA services provider can enable companies to begin the implementation of ZTNA principles while long term strategic decisions regarding legacy applications are contemplated. Often companies view legacy systems as a roadblock to ZTNA and that does not have to be the case. Incremental progress, such as adopting conditional access, can enable ongoing access to legacy applications and impact significant risk reduction for the enterprise.

Google Cloud's 2023 Threat Horizons Report found that 86% of breaches involve stolen credentials. Adopting ZTNA can be an excellent method for combating credential-based attacks, as the never trust, always verify nature of ZTNA helps stop attacks where the attackers only have credentials to start from. Implementing ZTNA is a strategic marathon that will not be accomplished overnight. If a company is contemplating ZTNA and where to start, they should consider partnering with a company such as US Signal. Together, an enterprise implementation strategy and roadmap can be created with incremental steps such as implementing Secure Access Service Edge (SASE), a technology supporting ZTNA, that can help protect from credential-based attacks and provide conditional access controls based on user identity, location, and device that may not have existed before.

Ariana: How important is traffic visibility for ZTNA vendors?

Trevor: Traffic visibility is extremely important for Zero Trust Network Access (ZTNA) vendors, as it forms a critical component of the Zero Trust security model. The essence of Zero Trust is "never trust, always verify," which requires comprehensive visibility into network traffic. Traffic visibility is key to the implementation of ZTNA principles; if a vendor is unable to view traffic, they will not be able to address:

  • Granular Access Control: Zero Trust relies on providing the least privilege access. To do this effectively, ZTNA vendors must have detailed visibility into who is accessing what resources and why. This level of insight is necessary to enforce strict access controls and prevent lateral movement within the network.
  • Compliance and Audit: In regulated industries, like those that we work with at US Signal (Healthcare, Finance, Banking, Education), maintaining logs of access and network traffic is often a compliance requirement. ZTNA vendors must offer robust traffic visibility to ensure that organizations can meet these regulatory obligations.
  • Contextual Decision Making: ZTNA is not just about controlling access; it's also about making informed decisions based on context. Traffic visibility provides the necessary context — such as user behavior, device health, location, and time of access — which is crucial for making dynamic access decisions. Machine learning within many ZTNA solutions is able to contextualize multiple datapoints about a request to access an application, retrieve a file, or access a network resource. For example, if the ZTNA solution determines that access is being obtained via a non-company owned computer, certain access will be prevented.

Traffic visibility, as a component of a well-architected Zero Trust solution, allows ZTNA vendors to work synergistically with other security technologies, such as Extended Detection and Response (XDR), to realize accretive improvements in the defense-in-depth strategy implemented, creating a benefit to the organization by providing significant risk reduction to the enterprise.
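As an added illustration of the conditional-access decisions described in the answers above (example code, not US Signal's or any ZTNA vendor's), the following Python evaluates every request on its own context, applying per-resource least-privilege rules to identity (MFA), device ownership and health, location, and time of access, and records each decision for audit. The policy values, resource names, and requests are constructed for the example.

```python
from dataclasses import dataclass, asdict

# Constructed per-resource policy (hypothetical values): least privilege per resource,
# plus the conditional-access signals named above: identity (MFA), device, location, time.
POLICY = {
    "payroll-app": {"roles": {"finance"}, "require_mfa": True, "company_device_only": True,
                    "countries": {"US"}, "hours_utc": (7, 19)},
    "wiki": {"roles": {"finance", "engineering"}, "require_mfa": False,
             "company_device_only": False, "countries": {"US", "CA"}, "hours_utc": (0, 24)},
}

@dataclass
class AccessRequest:
    user: str
    roles: set
    mfa_passed: bool
    device_company_owned: bool
    device_compliant: bool
    country: str
    hour_utc: int
    resource: str

def evaluate(req: AccessRequest, policy=POLICY, audit=None):
    """Decide one request purely on its own context: no trust carries over from network
    location or earlier sessions. Returns (allowed, reasons); appends an audit record if given."""
    rule = policy.get(req.resource)
    reasons = []
    if rule is None:
        reasons.append("unknown resource: default deny")
    else:
        if not req.roles & rule["roles"]:
            reasons.append("role not entitled to resource")
        if rule["require_mfa"] and not req.mfa_passed:
            reasons.append("MFA required")
        if rule["company_device_only"] and not req.device_company_owned:
            reasons.append("non-company-owned device")
        if not req.device_compliant:
            reasons.append("device failed health check")
        if req.country not in rule["countries"]:
            reasons.append("location not permitted")
        start, end = rule["hours_utc"]
        if not start <= req.hour_utc < end:
            reasons.append("outside permitted hours")
    allowed = not reasons
    if audit is not None:  # compliance: every decision is logged together with its context
        audit.append({"decision": "allow" if allowed else "deny", "reasons": reasons, **asdict(req)})
    return allowed, reasons

# Constructed scenario: a valid username/password alone (no MFA, unmanaged device, unusual
# location and hour) is refused, which is why credential-only attacks fail under this model.
def stolen_credential_attempt():
    return evaluate(AccessRequest("alice", {"finance"}, False, False, True, "RO", 3, "payroll-app"))
```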

As Chief Information Security Officer, Trevor Bidle oversees US Signal’s Information Security and Information Systems teams. He also leads the Security Operations Center (SOC), incident response team, compliance and privacy programs, along with the internal audit functions. Bidle has 23 years of experience leading information technology, engineering, and information security teams. He holds a CISA and CDPSE certification and has completed graduate studies in Cyber Security at George Washington University.

This interview is a part of The Fast Mode's Next-Gen DPI Traffic Visibility for ZTNA segment, featuring over 40 leading cybersecurity and networking solution providers and their views on the importance of traffic visibility for ZTNA. A research report on this topic will be published in January 2024 - for more information, visit here.

Author

Principal Analyst and Senior Editor | IP Networks

Ariana specializes in IP networking, covering both operator networks - core, transport, edge and access; and enterprise and cloud networks. Her work involves analysis of cutting-edge technologies that drive application visibility, traffic awareness, network optimization, network security, virtualization and cloud-native architectures.

She can be reached at ariana.lynn@thefastmode.com
